In a data processing apparatus having processing logic for executing software routines, it is known to provide a plurality of system control registers for storing access control information for a plurality of system resources available to that processing logic when executing at least some of those software routines. The access control information can take a variety of forms. For example, for processing logic in the form of a processor core that issues memory access requests specifying virtual addresses, various of the system control registers may provide pointers to page tables in memory identifying a mapping to be used to convert virtual addresses into physical addresses, along with various memory region attributes and/or access permissions to be used in relation to such access requests. Similarly, for a processing unit which directly employs physical addresses, it is known for such system control registers to directly specify memory attributes and/or access permissions to be used when accessing particular memory regions.
In addition to storing access control information pertaining to memory, it is also known for such system control registers to provide access control information for other system resources, for example by containing pointers to exception vector tables identifying software routines to be executed on occurrence of particular types of exceptions within the system.
Typically the system control registers are arranged to only be updated by trusted software executing on the associated processing logic, for example operating system software running in a predetermined privileged mode of operation. In another example, the trusted software may be software executing in a particular domain provided by the data processing apparatus. For example, to seek to alleviate the reliance on operating system security, it is known to provide a system in which the data processing apparatus is provided with separate domains, these domains providing a mechanism for handling security at the hardware level. Such a system is described, for example in commonly assigned U.S. Pat. No. 7,305,534, the contents of which are herein incorporated by reference, this application describing a system having a secure domain and a non-secure domain. In that system, the non-secure and secure domains in effect establish separate worlds, with the secure domain providing a trusted execution space separated by hardware enforced boundaries from other execution spaces, and likewise the non-secure domain providing a non-trusted execution space. Within such a system, the trusted software used to update the system control registers may be software executing in a predetermined mode of operation within the secure domain.
With the aim of further increasing the security of the system control register contents, it is known to provide a predetermined list of system control registers which once they have been initially written to are enforced to be read only. Typically, this mechanism can be invoked by issuing a disable signal which when set causes that fixed predetermined list of system control registers to become read only.
However, by enforcing a predetermined fixed list of system control registers to become read only, this places significant restriction on the various usage models of the data processing apparatus. Accordingly, it will be desirable to provide a more flexible approach for protecting system control registers.